name: Deploy

on:
  workflow_dispatch:
    inputs:
      flavor:
        description: 'Select what enverionment to deploy to'
        type: choice
        default: canary
        options:
          - canary
          - beta
          - stable
          - internal
env:
  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}

permissions:
  contents: 'write'
  id-token: 'write'
  packages: 'write'

jobs:
  build-server-image:
    name: Build Server Image
    uses: ./.github/workflows/build-server-image.yml
    with:
      flavor: ${{ github.event.inputs.flavor }}

  build-web:
    name: Build @affine/web
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.flavor }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        id: version
        uses: ./.github/actions/setup-version
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
      - name: Build Core
        run: yarn nx build @affine/web --skip-nx-cache
        env:
          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          BUILD_TYPE: ${{ github.event.inputs.flavor }}
          SHOULD_REPORT_TRACE: true
          TRACE_REPORT_ENDPOINT: ${{ secrets.TRACE_REPORT_ENDPOINT }}
          CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: 'affine-web'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }}
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
      - name: Upload web artifact
        uses: actions/upload-artifact@v4
        with:
          name: web
          path: ./packages/frontend/web/dist
          if-no-files-found: error

  build-frontend-image:
    name: Build Frontend Image
    runs-on: ubuntu-latest
    needs:
      - build-web
    steps:
      - uses: actions/checkout@v4
      - name: Download web artifact
        uses: actions/download-artifact@v4
        with:
          name: web
          path: ./packages/frontend/web/dist
      - name: Setup env
        run: |
          echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
          if [ -z "${{ inputs.flavor }}" ]
          then
            echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV"
          else
            echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV"
          fi
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          logout: false
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build front Dockerfile
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          pull: true
          platforms: linux/amd64,linux/arm64
          provenance: true
          file: .github/deployment/front/Dockerfile
          tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}

  deploy:
    name: Deploy to cluster
    if: ${{ github.event_name == 'workflow_dispatch' }}
    environment: ${{ github.event.inputs.flavor }}
    needs:
      - build-frontend-image
      - build-server-image
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        id: version
        uses: ./.github/actions/setup-version
      - name: Deploy to ${{ github.event.inputs.flavor }}
        uses: ./.github/actions/deploy
        with:
          build-type: ${{ github.event.inputs.flavor }}
          gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }}
          gcp-project-id: ${{ secrets.GCP_PROJECT_ID }}
          service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}
          cluster-name: ${{ secrets.GCP_CLUSTER_NAME }}
          cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }}
        env:
          APP_VERSION: ${{ steps.version.outputs.APP_VERSION }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }}
          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
          R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
          R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }}
          COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }}
          COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }}
          COPILOT_UNSPLASH_API_KEY: ${{ secrets.COPILOT_UNSPLASH_API_KEY }}
          MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }}
          MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }}
          MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }}
          AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }}
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }}
          DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }}
          DATABASE_NAME: ${{ secrets.DATABASE_NAME }}
          GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }}
          GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT: ${{ secrets.GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT }}
          REDIS_HOST: ${{ secrets.REDIS_HOST }}
          REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
          CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
          STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
          STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
          STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}
